Skip to content

Commit 04b9215

Browse files
committed
BUG/MEDIUM: ssl-gencert: Unlock LRU cache if failing to generate certificate
In ssl_sock_generate_certificate(), if the LRU cache for generated certificates is used, the LRU tree is not unlocked on cache miss if the certificate generation failed. So let's unlock it on error path. The bug was introduced by the commit fbc98eb ("BUG/MEDIUM: ssl: fix error path on generate-certificates"). So this patch must be backported with the commit above, so to all stable versions.
1 parent 75f72c2 commit 04b9215

1 file changed

Lines changed: 3 additions & 1 deletion

File tree

src/ssl_gencert.c

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -356,8 +356,10 @@ int ssl_sock_generate_certificate(const char *servername, struct bind_conf *bind
356356
ssl_ctx = (SSL_CTX *)lru->data;
357357
if (!ssl_ctx && lru) {
358358
ssl_ctx = ssl_sock_do_create_cert(servername, bind_conf, ssl);
359-
if (!ssl_ctx)
359+
if (!ssl_ctx) {
360+
HA_RWLOCK_WRUNLOCK(SSL_GEN_CERTS_LOCK, &ssl_ctx_lru_rwlock);
360361
goto error;
362+
}
361363
lru64_commit(lru, ssl_ctx, cacert, 0, (void (*)(void *))SSL_CTX_free);
362364
}
363365
SSL_set_SSL_CTX(ssl, ssl_ctx);

0 commit comments

Comments
 (0)